Processing a dispersed storage network access request utilizing certificate chain validation information
First Claim
1. A method for execution in a dispersed storage network (DSN), the method comprises:
- for a realm of a plurality of realms of the DSN, wherein the realm has a group of DSN devices affiliated therewith, has a set of certificate authorities affiliated therewith, and has a unique realm identifier and wherein at least one certificate authority of the set of certificate authorities is a root certificate authority for the realm;
sending, by a dispersed storage managing unit certificate authority of the DSN, registry information to a storage unit of the DSN, wherein the registry information includes at least one of a network certificate and vault information;
sending, by the dispersed storage managing unit certificate authority, a certificate signing request of the storage unit to a certificate authority of the set of certificate authorities;
when the certificate authority is the root certificate authority, generating, by the root certificate authority, a root certificate in response to the certificate signing request, wherein the root certificate includes a signature of the root certificate authority;
when the certificate authority is an intermediate certificate authority for the realm, generating, by the intermediate certificate authority, an intermediate certificate in response to the certificate signing request, wherein the intermediate certificate includes the root certificate and a signature based on the signature of the root certificate authority or signature of another certificate authority of the set of certificate authorities;
generating, by the dispersed storage managing unit certificate authority, a certificate chain from the root certificate or the intermediate certificate; and
sending, by the dispersed storage managing unit certificate authority, the certificate chain to the storage unit.
Abstract
A method begins by a processing module receiving a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain. When the certificate chain is valid, the method continues with the processing module accessing registry information for the DSN. The method continues with the processing module identifying one of a plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain, identifying one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries, and generating, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.
14 Claims
1. A method for execution in a dispersed storage network (DSN), the method comprises:
- for a realm of a plurality of realms of the DSN, wherein the realm has a group of DSN devices affiliated therewith, has a set of certificate authorities affiliated therewith, and has a unique realm identifier and wherein at least one certificate authority of the set of certificate authorities is a root certificate authority for the realm;
sending, by a dispersed storage managing unit certificate authority of the DSN, registry information to a storage unit of the DSN, wherein the registry information includes at least one of a network certificate and vault information;
sending, by the dispersed storage managing unit certificate authority, a certificate signing request of the storage unit to a certificate authority of the set of certificate authorities;
when the certificate authority is the root certificate authority, generating, by the root certificate authority, a root certificate in response to the certificate signing request, wherein the root certificate includes a signature of the root certificate authority;
when the certificate authority is an intermediate certificate authority for the realm, generating, by the intermediate certificate authority, an intermediate certificate in response to the certificate signing request, wherein the intermediate certificate includes the root certificate and a signature based on the signature of the root certificate authority or signature of another certificate authority of the set of certificate authorities;
generating, by the dispersed storage managing unit certificate authority, a certificate chain from the root certificate or the intermediate certificate; and
sending, by the dispersed storage managing unit certificate authority, the certificate chain to the storage unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A non-transitory computer readable storage medium comprises:
- for a realm of a plurality of realms of a dispersed storage network (DSN), wherein the realm has a group of DSN devices affiliated therewith, has a set of certificate authorities affiliated therewith, and has a unique realm identifier and wherein at least one certificate authority of the set of certificate authorities is a root certificate authority for the realm;
a first memory section that stores operational instructions that, when executed by a dispersed storage managing unit certificate authority, causes the dispersed storage managing unit certificate authority to:
send registry information to a storage unit of the DSN, wherein the registry information includes at least one of a network certificate and vault information;
send a certificate signing request to a certificate authority of the set of certificate authorities;
a second memory section that stores operational instructions that, when executed by the certificate authority, causes the certificate authority to:
when the certificate authority is the root certificate authority, generate a root certificate in response to the certificate signing request, wherein the root certificate includes a signature of the root certificate authority; and
when the certificate authority is an intermediate certificate authority for the realm, generate an intermediate certificate in response to the certificate signing request, wherein the intermediate certificate includes the root certificate and a signature based on the signature of the root certificate authority or signature of another certificate authority of the set of certificate authorities; and
the first memory section further stores operational instructions that, when executed by the dispersed storage managing unit certificate authority, causes the dispersed storage managing unit certificate authority to:
generate a certificate chain from the root certificate or the intermediate certificate; and
send the certificate chain to the storage unit.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
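The following Python is an added illustration, not the patent's own code, of the realm PKI in claims 1 and 8 (root CA, intermediate CA signed by the root, chain assembled by the managing-unit CA) together with the abstract's request flow (validate the chain, pick the realm's ACL, identify entries from chain information, produce permissions). It assumes HMAC-SHA256 with per-CA secrets as a stand-in for real CA signatures; the realm id, CA names, keys and ACL contents are constructed values.

```python
import hashlib
import hmac
import json
# Added toy model of the claimed realm PKI, not the patent's own code. Each CA of the realm
# holds a secret key and "signs" with HMAC-SHA256, a stand-in for the asymmetric signatures
# a real CA uses; realm id, CA names and keys are constructed values.
ROOT_CA = "root-ca"
CA_KEYS = {"root-ca": b"root-secret", "int-ca": b"intermediate-secret"}

def sign(ca, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(CA_KEYS[ca], msg, hashlib.sha256).hexdigest()

def issue(ca, subject, realm):
    """A CA answers a signing request with a certificate binding realm, subject and issuer."""
    body = {"realm": realm, "subject": subject, "issuer": ca}
    return {**body, "sig": sign(ca, body)}

def build_chain(leaf, *issuer_certs):
    """The DS managing-unit CA assembles the chain: leaf first, then issuers up to the root."""
    return [leaf, *issuer_certs]

def validate_chain(chain, realm, trusted_root):
    """True only if every certificate is in the realm, each signature verifies under its named
    issuer, each issuer is the next certificate's subject, and the chain ends at the root CA."""
    for i, cert in enumerate(chain):
        if cert["realm"] != realm or cert["issuer"] not in CA_KEYS:
            return False
        body = {k: v for k, v in cert.items() if k != "sig"}
        if not hmac.compare_digest(cert["sig"], sign(cert["issuer"], body)):
            return False
        if i + 1 < len(chain) and chain[i + 1]["subject"] != cert["issuer"]:
            return False
    return chain[-1]["subject"] == trusted_root and chain[-1]["issuer"] == trusted_root

# Constructed registry: per-realm access control lists whose entries are keyed by the CA
# that issued the requester's certificate, each carrying a set of permissions.
REGISTRY_ACLS = {"realm-7": {"int-ca": {"read", "write"}, "root-ca": {"read", "write", "admin"}}}

def permissions_for(request, chain, acls=REGISTRY_ACLS):
    """Validate the chain, select the realm's ACL, identify entries from the chain (issuer of
    the leaf bound to the requester ID) and union their permission sets."""
    if not validate_chain(chain, request["realm"], ROOT_CA):
        return set()
    leaf = chain[0]
    if leaf["subject"] != request["requester_id"]:
        return set()
    acl = acls.get(request["realm"], {})
    entries = [acl[leaf["issuer"]]] if leaf["issuer"] in acl else []
    return set().union(*entries)
```

A request whose chain fails any check (wrong realm, tampered certificate, chain not ending at the realm's root, requester ID not matching the leaf) yields an empty permission set rather than an error, so callers must treat "no permissions" as a denial.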